1. Field of the Invention
The present invention relates generally to broadcast data encryption, and more particularly to the encryption of recordable media to permit the media to be copied once only.
2. Description of the Related Art
The advantages of digitized video and music are numerous, but one significant drawback is that being digitized, the content is relatively easy to copy perfectly, without authorization of the copyright owner. Copies can be made of digital audio and video content that is broadcast to in-home receivers over a network such as, for example, Home Box Office (HBO), or that is provided to in-home users on media such as digital video disks (DVDs). Indeed, widespread copying by pirates costs content owners billions of dollars per year. Thus, the present invention understands that it is desirable to limit the unauthorized copying of digital audio and video.
The problem, however, is complicated by the desire of governmental bodies and consumer protection lobbies to permit a buyer of digitized content to make a single copy for archive purposes or other legitimate reasons. Accordingly, the problem addressed by the present invention is how to enable a buyer to copy a broadcast program, but once only. It is to be understood that while today the requirement is to make only one copy, in the future the requirement might be to allow two or more copies. It is to be further understood that any solution solving the “copy once” requirement could be trivially extended to any specified number of copies; the invariant feature of any solution is to make sure that a copy cannot be further copied. For convenience and clarity, the present disclosure assumes that only one copy is to be made, it being understood that limiting the number of permissible copies to any finite number is within the scope of the present invention.
To better understand the problem, if every recorder in the world were an authorized, properly programmed recorder, a broadcast program could simply contain an unencrypted signal indicating “copy once”, and each recorder used for copying would duly copy the content and append an unencrypted message to the copy indicating “copy no more”. Any player could play the copy, but any recorder sought to be used to recopy the content would obey the “copy no more” message, protecting the rights of the content owner.
Of course, pirate recorders can be constructed that do not obey such procedural messages. Consequently, a cryptographic approach must be used to prevent unauthorized usable copies from being made. One approach recognized herein is to provide each authorized recorder with its own secret key, which the recorder would use to encrypt the content. Unfortunately, the media so recorded could be played back only on the player that is associated with the recorder that made the copy, so this approach is unacceptable in the consumer market.
Alternatively, the present invention understands that a single secret key could be provided to all recorders, which would then use the key to encrypt the content as it is recorded. In this way, any authorized recorder that includes a player could play back the recording, regardless of where the recording was made, and authorized recorders could be programmed to copy any broadcast program only once. Current DVD encryption methods use this approach. The drawback with this method is that it is cryptographically fragile—once the system secret is discovered by an unauthorized person, it can be disseminated to unauthorized pirate recorders that could use the key to copy the content thousands of times, unencumbered by what amounts to a promise to copy a broadcast program only once, and thereby defeat the system.
As recognized herein, a one-way key management scheme can be used which has a good key management method to address the above-noted problem of unauthorized recorders being provided with a stolen system key. One-way key management is a cryptographic protocol in which two parties can agree upon a key without having two-way communication. Good one-way key management protocols also have the feature that illegal clones that have some of the secrets in the protocol nonetheless can be excluded from interoperating from the legitimate devices. One such system is disclosed in IBM's co-pending U.S. patent application Ser. No. 09/655,938, filed Apr. 24, 1998 for an invention entitled “System for Encrypting Broadcast Programs in the Presence of Compromised Receiver Devices”, incorporated herein by reference. However, such a system, in and of itself, is not sufficient to address the current problem. This is because a pirate, although unable to discover the key and decrypt the data in the broadcast program or on the DVD, can simply make a bit-for-bit copy of the encrypted data. The pirate recorder itself could not decrypt and play the data, but any legitimate recorder-player would be capable of decrypting and playing the unauthorized copy, thus making the copy salable.
The present invention has carefully considered the above considerations and has addressed the noted problem.